On Tue, Dec 24, 2024 at 12:37 AM Wentao Liang <liangwentao@xxxxxxxxxxx> wrote:
>
> In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct()
> fails to allocate a node, it returns a NULL pointer to the
> in_work pointer. This can lead to an illegal memory write of
> in_work->response_buf when allocate_interim_rsp_buf() attempts
> to perform a kzalloc() on it.
>
> To address this issue, incorporating a check for the return
> value of ksmbd_alloc_work_struct() ensures that the function
> returns immediately upon allocation failure, thereby preventing
> the aforementioned illegal memory access.
>
> Fixes: 041bba4414cd ("ksmbd: fix wrong interim response on compound")
> Signed-off-by: Wentao Liang <liangwentao@xxxxxxxxxxx>

Applied it to #ksmbd-for-next-next. Thanks!